Privacy #151
Privacy #151
Conversation
put local address printing in it's own func
needs adding whitelist first
BLE_Privacy/mbed-os.lib
Outdated
| @@ -0,0 +1 @@ | |||
| https://github.com/ARMmbed/mbed-os/#f9ee4e849f8cbd64f1ec5fdd4ad256585a208360 | |||
There was a problem hiding this comment.
That's mbed OS 5.8.2 (does that work?), please make it point to mbed OS 5.9 RC1 :) (6817dc43f9f5216cbe077059fc561fa89a766dc9 )
There was a problem hiding this comment.
yes, thank you
BLE_Privacy/source/main.cpp
Outdated
| printf("Whitelist failed to generate.\r\n"); | ||
| } | ||
|
|
||
| /* this callback transfer memory ownership to us so we have to dispose of it */ |
There was a problem hiding this comment.
Actually we have ownership of it during the whole process.
There was a problem hiding this comment.
we hand it over with generateWhitelistFromBondTable(whitelist) after which we are not allowed to delete it before the callback happens and we do not store a pointer to it so effectively we are handing it over
There was a problem hiding this comment.
I think we should look into using shared_ptr-type abstractions (which exist in mbed OS) when it makes sense - but that's a separate topic. Looking at the doc for generateWhitelistFromBondTable(), it's not very clear what the object lifetime should be.
There was a problem hiding this comment.
I will now seemingly backtrack on what I said: lifetime is decided by the user, the whitelist could be statically allocated, in my example I relinquish control but the doc doesn't require that: the only requirement is that you do not access the whitelist when callback is pending.
BLE_Privacy/source/main.cpp
Outdated
| } | ||
| }; | ||
|
|
||
| /** advertise and filer based on known devices */ |
BLE_Privacy/source/main.cpp
Outdated
| printf("Whitelist failed to generate.\r\n"); | ||
| } | ||
|
|
||
| /* this callback transfer memory ownership to us so we have to dispose of it */ |
There was a problem hiding this comment.
I think we should look into using shared_ptr-type abstractions (which exist in mbed OS) when it makes sense - but that's a separate topic. Looking at the doc for generateWhitelistFromBondTable(), it's not very clear what the object lifetime should be.
BLE_Privacy/source/main.cpp
Outdated
| * byte 1: The key, it is the type of the data | ||
| * byte [2..N] The value. N is equal to byte0 - 1 */ | ||
|
|
||
| const uint8_t record_length = params->advertisingData[i]; |
There was a problem hiding this comment.
We need a length check: Fail if i + 2 + record_length >= params->advertisingDataLen otherwise we're vulnerable to buffer overflow attacks.
There was a problem hiding this comment.
...in which case I should also not trust that the string is well formatted.
What we really need is the on_scan callback to return a typed list of items and not having the user look at bytes.
There was a problem hiding this comment.
That's different: Badly formatted buffer: we get garbage that we can ignore; String with length flag set to an invalid value (which is a specific case of the former): undefined behaviour.
Agreed that in the long run which should do that parsing ourselves.
BLE_Privacy/source/main.cpp
Outdated
| } | ||
| { | ||
| printf("\r\n * Device is a central *\r\n\r\n"); | ||
| PrivacyCentral peripheral(ble, queue); |
There was a problem hiding this comment.
Should be called central 😄
|
addressed your comments |
BLE_Privacy/mbed_app.json
Outdated
| "target.features_add": ["BLE"], | ||
| "target.extra_labels_add": ["ST_BLUENRG"] | ||
| }, | ||
| "NUCLEO_F401RE": { |
There was a problem hiding this comment.
The cordio driver is not public.
I would remove st support as st own implementation doesn't implement the security manager.
BLE_Privacy/module.json
Outdated
| @@ -0,0 +1,15 @@ | |||
| { | |||
There was a problem hiding this comment.
This can be removed as we don't care of yotta anymore.
| @@ -0,0 +1 @@ | |||
| https://github.com/ARMmbed/cordio-ble-x-nucleo-idb0xa1 | |||
There was a problem hiding this comment.
This repository is not public; This file can be removed for now; please see my comment above.
BLE_Privacy/source/main.cpp
Outdated
| _bonded = true; | ||
|
|
||
| /* provide memory for the generated whitelist */ | ||
| Gap::Whitelist_t* whitelist = new Gap::Whitelist_t; |
There was a problem hiding this comment.
Maybe the white list can go into a member variable that would makes the whole code a bit more readable.
|
|
||
| /* for use by tools we print out own address and also use it | ||
| * to seed RNG as the address is unique */ | ||
| print_local_address(); |
There was a problem hiding this comment.
Printing the local address is useless as privacy is enabled few lines below.
There was a problem hiding this comment.
we use it in our tools and I use it as seed and it shows the identity address which we will later see on the other side
There was a problem hiding this comment.
We use it in our tools to identify the device advertising unfortunately this won't work this time as the address is private. I would suggest to add a random vendor specific field in the advertising payload and print it so we can identify the device advertising.
Note: this is not a blocker for this to get in but it will be once we add tests for this example.
There was a problem hiding this comment.
It is harmless and it does show the identity address before the privacy is enabled so you can see that you're connecting to the right device - connections is based on name
BLE_Privacy/source/main.cpp
Outdated
| } | ||
| }; | ||
|
|
||
| /* TODO: remove this, pairing should be done by the strategy automatically */ |
There was a problem hiding this comment.
Please remove this as it should be done by the strategy.
BLE_Privacy/source/main.cpp
Outdated
| virtual ~PrivacyDevice() | ||
| { | ||
| if (_ble.hasInitialized()) { | ||
| _ble.shutdown(); |
There was a problem hiding this comment.
I wouldn't initialize and shutdown the ble instance as the process is still instable on Cordio as there is not enough stack support.
Initialization the stack once and leave it active would be better.
BLE_Privacy/source/main.cpp
Outdated
| ble_error_t error; | ||
|
|
||
| /* to show we're running we'll blink every 500ms */ | ||
| _event_queue.call_every(500, this, &PrivacyDevice::blink); |
There was a problem hiding this comment.
This event must be removed at destruction.
There was a problem hiding this comment.
queue now is recreated
BLE_Privacy/source/main.cpp
Outdated
| GapAdvertisingData advertising_data; | ||
|
|
||
| /* add advertising flags */ | ||
| advertising_data.addFlags(GapAdvertisingData::LE_GENERAL_DISCOVERABLE |
There was a problem hiding this comment.
If you intend to use the whitelist then remove the discoverable flag.
BLE_Privacy/source/main.cpp
Outdated
|
|
||
| if (record_length < 2) { | ||
| /* malformed record */ | ||
| } else if ((type == GapAdvertisingData::FLAGS)) { |
There was a problem hiding this comment.
This bit must be removed if the flag is not set in advertising data.
|
|
|
thanks, fixed |
|
thank you |
BLE_Privacy/source/main.cpp
Outdated
| * byte 1: The key, it is the type of the data | ||
| * byte [2..N] The value. N is equal to byte0 - 1 */ | ||
|
|
||
| const uint8_t record_length = params->advertisingData[i]; |
There was a problem hiding this comment.
That's different: Badly formatted buffer: we get garbage that we can ignore; String with length flag set to an invalid value (which is a specific case of the former): undefined behaviour.
Agreed that in the long run which should do that parsing ourselves.
No description provided.